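#!/usr/bin/env bash
# Installs OpenVPN and easy-rsa on a Debian/Ubuntu host, builds a fresh PKI,
# writes three server instances (TCP/1194, UDP/994 and TCP/587 labelled "tls")
# that authenticate users through PAM, and publishes a matching client
# profile for each instance under /var/www/html/<DOMAIN>/.
#
# Requirements: run as root; DOMAIN=<hostname> present in /etc/environment;
# outbound HTTPS to ipv4.icanhazip.com to discover the public IPv4 address.
#
# Every run re-initialises the PKI (easyrsa init-pki) and overwrites the
# server and client configuration files.
set -euo pipefail

clear
readonly RED=$'\033[31m'    # Error message
readonly GREEN=$'\033[32m'  # Success message
readonly YELLOW=$'\033[33m' # Warning message
# shellcheck disable=SC2034 -- kept for parity with the other colour constants
readonly BLUE=$'\033[36m'   # Info message
readonly RESET=$'\033[0m'

readonly EASYRSA_DIR=/usr/share/easy-rsa
readonly OVPN_DIR=/etc/openvpn
readonly PKI_DIR=$OVPN_DIR/pki
readonly CLIENT_DIR=$OVPN_DIR/client
readonly WEB_ROOT=/var/www/html
# Architecture-specific path; its presence is checked before any config
# references it, because a missing plugin makes every instance fail to start.
readonly PAM_PLUGIN=/usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so

# Set by main(); read by the write_*_conf helpers.
ipAddr=
hostAddr=

#######################################
# Print an error message in red to stderr and exit with status 1.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "${RED} $* ${RESET}" >&2
  exit 1
}

#######################################
# Print a warning in yellow to stderr without exiting.
# Arguments: $* - message
#######################################
warn() {
  printf '%s\n' "${YELLOW} $* ${RESET}" >&2
}

#######################################
# Write one OpenVPN server instance config to $OVPN_DIR/server-<label>.conf.
# Globals:   PKI_DIR, PAM_PLUGIN (read)
# Arguments: $1 - instance label (tcp|udp|tls), used in the banner, file
#                 name and log name
#            $2 - proto (tcp|udp)
#            $3 - listen port
#            $4.. - optional extra directives, one per argument, appended at
#                   the end (directive order is not significant to OpenVPN)
# Outputs:   writes the config file
# Returns:   non-zero if the file cannot be written
#######################################
write_server_conf() {
  local label=$1 proto=$2 port=$3
  shift 3
  local out=$OVPN_DIR/server-$label.conf
  {
    cat <<EOF
# ----------------------------
# OVPN SERVER-${label^^} CONFIG
# ----------------------------
port $port
proto $proto
dev tun

ca $PKI_DIR/ca.crt
cert $PKI_DIR/issued/server.crt
key $PKI_DIR/private/server.key
dh $PKI_DIR/dh.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 1.1.1.1"
keepalive 5 60
cipher AES-256-GCM
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn-$label.log
verb 3
mute 20
verify-client-cert none
plugin $PAM_PLUGIN login
username-as-common-name
EOF
    if (( $# > 0 )); then
      printf '%s\n' "$@"
    fi
  } > "$out"
}

#######################################
# Write one client profile to $CLIENT_DIR/client-<label>.ovpn, with the CA
# certificate inlined, and publish a copy under $WEB_ROOT/$hostAddr/.
# Globals:   ipAddr, hostAddr, PKI_DIR, CLIENT_DIR, WEB_ROOT (read)
# Arguments: $1 - instance label (tcp|udp|tls)
#            $2 - proto (tcp|udp)
#            $3 - remote port
#            $4 - optional block of extra lines (newline-terminated) placed
#                 after persist-tun
# Outputs:   writes the profile and its published copy
# Returns:   non-zero if either file cannot be written
#######################################
write_client_conf() {
  local label=$1 proto=$2 port=$3 extra=${4-}
  local out=$CLIENT_DIR/client-$label.ovpn
  {
    cat <<EOF
# ----------------------------
# OVPN CLIENT-${label^^} CONFIG
# ----------------------------
client
dev tun
proto $proto
remote $ipAddr $port
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
EOF
    if [[ -n "$extra" ]]; then
      printf '%s' "$extra"
    fi
    cat <<EOF
mute-replay-warnings
remote-cert-tls server
cipher AES-256-GCM
comp-lzo
verb 3
mute 20
auth-user-pass

<ca>
EOF
    # The profile carries only the public CA certificate; there is no client
    # key because the servers use verify-client-cert none + PAM.
    cat -- "$PKI_DIR/ca.crt"
    printf '</ca>\n'
  } > "$out"
  cp -- "$out" "$WEB_ROOT/$hostAddr/client-$label.ovpn"
}

#######################################
# Build a fresh PKI with easy-rsa and copy it to $PKI_DIR.
# Globals:   EASYRSA_DIR, OVPN_DIR, PKI_DIR (read)
# Returns:   exits via die on any easy-rsa failure
#######################################
build_pki() {
  # set -e is ignored inside a subshell guarded by ||, so the steps are
  # chained explicitly instead of relying on it.
  (
    cd "$EASYRSA_DIR" \
      && ./easyrsa --batch init-pki \
      && ./easyrsa --batch build-ca nopass \
      && ./easyrsa --batch gen-dh \
      && ./easyrsa --batch build-server-full server nopass
  ) || die "easy-rsa PKI build failed in $EASYRSA_DIR"

  # cp -R into an existing target directory would nest the new tree as
  # pki/pki on a re-run, so remove the previous copy first.
  rm -rf -- "${PKI_DIR:?}"
  cp -R -- "$EASYRSA_DIR/pki" "$OVPN_DIR/"
}

main() {
  if (( EUID != 0 )); then
    die "Anda tiada kebenaran untuk menjalankan skrip ini!"
  fi

  apt-get -qq update
  apt-get -y -qq install openvpn easy-rsa

  [[ -f "$PAM_PLUGIN" ]] || die "PAM plugin not found: $PAM_PLUGIN"

  # The discovered address is interpolated into server and client configs,
  # so fetch it over TLS and accept only a plain dotted-quad.
  ipAddr=$(wget -qO- https://ipv4.icanhazip.com) \
    || die "could not determine the public IPv4 address"
  [[ "$ipAddr" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] \
    || die "unexpected public IPv4 address value: $ipAddr"

  # First DOMAIN=... entry from /etc/environment; the value is taken as-is
  # (surrounding quotes, if any, are not stripped - matches prior behaviour).
  hostAddr=$(grep 'DOMAIN' /etc/environment | cut -d '=' -f 2 | head -n 1) || true
  [[ -n "$hostAddr" ]] || die "DOMAIN is not set in /etc/environment"
  [[ "$hostAddr" != */* ]] || die "DOMAIN must be a bare hostname: $hostAddr"

  build_pki

  # The package ships an empty placeholder directory that would collide with
  # the server-* instance names; removal is best-effort.
  if [[ -d "$OVPN_DIR/server" ]]; then
    rmdir -- "$OVPN_DIR/server" || warn "could not remove $OVPN_DIR/server (not empty?)"
  fi
  mkdir -p -- "$CLIENT_DIR" "$WEB_ROOT/$hostAddr"

  # NOTE(review): all three instances share the 10.8.0.0/24 pool and the
  # same ipp.txt; confirm that is intended, otherwise give each instance its
  # own subnet. comp-lzo enables compression on user traffic, which is a
  # known risk class for VPNs (compression oracles) - consider dropping it.
  write_server_conf tcp tcp 1194
  write_server_conf udp udp 994 'explicit-exit-notify 1'
  write_server_conf tls tcp 587 "route $ipAddr 255.255.255.255 net_gateway"

  local tcp_proxy_hint
  printf -v tcp_proxy_hint '%s\n' \
    ';http-proxy-retry' \
    ";http-proxy $ipAddr 3128" \
    ';http-proxy-option CUSTOM-HEADER Protocol HTTP/1.1' \
    ';http-proxy-option CUSTOM-HEADER Host HOSTNAME'
  write_client_conf tcp tcp 1194 "$tcp_proxy_hint"
  write_client_conf udp udp 994
  write_client_conf tls tcp 587

  # The legacy catch-all unit may not exist on newer packages; ignore failure.
  systemctl disable openvpn || true
  systemctl stop openvpn || true

  local inst
  for inst in server-tcp server-udp server-tls; do
    systemctl enable --now "openvpn@$inst"
  done

  printf '\n%s\n\n' "${GREEN} Pemasangan openvpn pakej telah selesai. ${RESET}"
}

main "$@"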